[Pkg-ganeti-devel] Bug#810850: /usr/sbin/gnt-instance: gnt-instance info $instance fails with the exception "KeyError: 'secret'".

Zachary A Newell newellz2 at unr.edu
Tue Jan 12 19:45:28 UTC 2016 

Package: ganeti
Version: 2.12.4-1+deb8u2
Severity: normal
File: /usr/sbin/gnt-instance


After updating ganeti2 to fix CVE-2015-7945. The gnt-instance info $instance command fails when querying
instances with a drbd disk template because the 'secret' key is not in the drbd_info dict.


# gnt-instance info instance1
Traceback (most recent call last):
  File "/usr/sbin/gnt-instance", line 21, in <module>
    sys.exit(main.Main())
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1678, in Main
    env_override=_ENV_OVERRIDE)
  File "/usr/share/ganeti/2.12/ganeti/cli.py", line 2709, in GenericMain
    result = func(options, args)
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1234, in ShowInstanceConfig
    for instance in result.values()
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1198, in _FormatInstanceInfo
    for (idx, device) in enumerate(instance["disks"])
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 1064, in _FormatBlockDevInfo
    l_id = _FormatDiskDetails(dev["dev_type"], dev, roman)
  File "/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py", line 963, in _FormatDiskDetails
    ("auth key", str(drbd_info["secret"])),
KeyError: 'secret'


I tracked the error down to this line
#/usr/share/ganeti/2.12/ganeti/client/gnt_instance.py
963:      ("auth key", str(drbd_info["secret"])),


If you inspect drbd_info the "secret" key does not exist. I was able to have the command execute by changing
the line 963 to:


      ("auth key", str(drbd_info.get("secret"))),


Now the info shows the auth_key as None:


  Disk template: drbd
  Disks:
    - disk/0: drbd, size 20.0G
      access mode: rw
      nodeA: host5, minor=0
      nodeB: host4, minor=1
      port: 11006
      auth key: None


It looks like this issue was introduced by this commit:
http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126


diff --git a/lib/storage/drbd.py b/lib/storage/drbd.py
index 7381c01..215a0f4 100644 (file)
--- a/lib/storage/drbd.py
+++ b/lib/storage/drbd.py
@@ -201,7 +201,9 @@ class DRBD8Dev(base.BlockDev):
     self._rhost = dyn_params[constants.DDP_REMOTE_IP]
     self._rport = unique_id[2]
     self._aminor = dyn_params[constants.DDP_LOCAL_MINOR]
-    self._secret = unique_id[5]
+    # The secret is wrapped in the Private data type, and it has to be extracted
+    # before use
+    self._secret = unique_id[5].Get()


     if children:
       if not _CanReadDevice(children[1].dev_path):


Thanks,
Zach Newell
newellz2 at unr.edu


-- Package-specific info:
Version symlinks:
  /etc/ganeti/share -> /usr/share/ganeti/2.12
  /etc/ganeti/lib -> /usr/lib/ganeti/2.12
Cluster config version: 2.12.4
Address family: IPv4
Enabled hypervisors: kvm
kvm hypervisor parameters:
  acpi=True
  boot_order=disk
  cpu_cores=0
  cpu_mask=all
  cpu_sockets=0
  cpu_threads=0
  disk_aio=threads
  disk_cache=default
  disk_type=paravirtual
  kernel_args=ro
  kvm_path=/usr/bin/kvm
  migration_bandwidth=32
  migration_downtime=30
  migration_mode=live
  migration_port=8102
  nic_type=paravirtual
  reboot_behavior=reboot
  root_path=/dev/vda1
  security_model=none
  serial_console=True
  serial_speed=38400
  spice_ip_version=0
  spice_playback_compression=True
  spice_tls_ciphers=HIGH:-DES:-3DES:-EXPORT:-ADH
  spice_use_tls=False
  spice_use_vdagent=True
  use_chroot=False
  use_localtime=False
  user_shutdown=False
  vhost_net=False
  virtio_net_queues=1
  vnc_tls=False
  vnc_x509_verify=False
  vnet_hdr=True


-- System Information:
Debian Release: 8.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)


Kernel: Linux 3.16.0-4-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


Versions of packages ganeti depends on:
ii  adduser              3.113+nmu3
ii  ganeti-2.12          2.12.4-1+deb8u2
ii  ganeti-haskell-2.12  2.12.4-1+deb8u2
ii  ganeti-htools-2.12   2.12.4-1+deb8u2
ii  python               2.7.9-1


Versions of packages ganeti recommends:
ii  drbd-utils                   8.9.2~rc1-2
ii  ganeti-instance-debootstrap  0.15-1
ii  ndisc6                       1.0.1-1+b1
ii  qemu-kvm                     1:2.1+dfsg-12+deb8u4


Versions of packages ganeti suggests:
pn  blktap-dkms  <none>
pn  ganeti-doc   <none>
pn  molly-guard  <none>


-- Configuration Files:
/etc/default/ganeti changed [not included]


-- no debconf information

More information about the Pkg-ganeti-devel mailing list